Merge pull request #197989 from SuperSandro2000/healthchecks

nixos/modules/services/web-apps/healthchecks.nix

@@ -15,14 +15,14 @@ let
 
   environmentFile = pkgs.writeText "healthchecks-environment" (lib.generators.toKeyValue { } environment);
 
-  healthchecksManageScript = with pkgs; (writeShellScriptBin "healthchecks-manage" ''
+  healthchecksManageScript = pkgs.writeShellScriptBin "healthchecks-manage" ''
+    sudo=exec
     if [[ "$USER" != "${cfg.user}" ]]; then
-        echo "please run as user 'healtchecks'." >/dev/stderr
+      sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} --preserve-env --preserve-env=PYTHONPATH'
-        exit 1
     fi
-    export $(cat ${environmentFile} | xargs);
+    export $(cat ${environmentFile} | xargs)
-    exec ${pkg}/opt/healthchecks/manage.py "$@"
+    $sudo ${pkg}/opt/healthchecks/manage.py "$@"
-  '');
+  '';
 in
 {
   options.services.healthchecks = {
@@ -163,7 +163,7 @@ in
           WorkingDirectory = cfg.dataDir;
           User = cfg.user;
           Group = cfg.group;
-          EnvironmentFile = environmentFile;
+          EnvironmentFile = [ environmentFile ];
           StateDirectory = mkIf (cfg.dataDir == "/var/lib/healthchecks") "healthchecks";
           StateDirectoryMode = mkIf (cfg.dataDir == "/var/lib/healthchecks") "0750";
         };

nixos/tests/web-apps/healthchecks.nix

@@ -33,10 +33,10 @@ import ../make-test-python.nix ({ lib, pkgs, ... }: {
         )
 
     with subtest("Manage script works"):
-        # Should fail if not called by healthchecks user
-        machine.fail("echo 'print(\"foo\")' | healthchecks-manage help")
-
         # "shell" sucommand should succeed, needs python in PATH.
         assert "foo\n" == machine.succeed("echo 'print(\"foo\")' | sudo -u healthchecks healthchecks-manage shell")
+
+        # Shouldn't fail if not called by healthchecks user
+        assert "foo\n" == machine.succeed("echo 'print(\"foo\")' | healthchecks-manage shell")
   '';
 })

pkgs/servers/web-apps/healthchecks/default.nix

@@ -8,43 +8,32 @@ let
   py = python3.override {
     packageOverrides = final: prev: {
       django = prev.django_4;
-      fido2 = prev.fido2.overridePythonAttrs (old: rec {
-        version = "0.9.3";
-        src = prev.fetchPypi {
-          pname = "fido2";
-          inherit version;
-          sha256 = "sha256-tF6JphCc/Lfxu1E3dqotZAjpXEgi+DolORi5RAg0Zuw=";
-        };
-      });
     };
   };
 in
 py.pkgs.buildPythonApplication rec {
   pname = "healthchecks";
-  version = "2.2.1";
+  version = "2.4.1";
   format = "other";
 
   src = fetchFromGitHub {
     owner = "healthchecks";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-C+NUvs5ijbj/l8G1sjSXvUJDNSOTVFAStfS5KtYFpUs=";
+    sha256 = "sha256-K2zA0ZkAPMgm+IofNiCf+mVTF/RIoorTupWLOowT29g=";
   };
 
   propagatedBuildInputs = with py.pkgs; [
     apprise
-    cffi
     cron-descriptor
     cronsim
-    cryptography
     django
     django-compressor
     fido2
     minio
     psycopg2
-    py
+    pycurl
     pyotp
-    requests
     segno
     statsd
     whitenoise